The invention is embodied in a computer including a memory and a memory protector responsive to a list of key memory locations containing information to be protected, the memory protector including (a) a write protection circuit--operating independently of the computer--which prevents any write requests specifying the memory locations contained in the list from being carried out, and (b) a manual protect enable switch for enabling and temporarily disabling the write protection circuit, thus allowing special or temporary access to the protected memory locations. The write protection circuit may be implemented as a programmed microprocessor with its program stored in a non-volatile read-only memory, or as a dedicated hard-wired logic circuit, such as a field programmable gate array. The list of key memory locations may be stored in a non-volatile memory accessed by the write protection circuit. More conveniently, the list is contained in a protected memory location (i.e., a memory location specified on the list itself), the list being downloaded to the write protection circuit.
|
11. A computer memory system for access by a host computer through write requests from said host computer specifying particular memory locations to be written, said computer memory system comprising:
a mass memory data storage medium; a list in a location not write accessible by said host computer of memory locations of said mass memory data storage medium which are to be protected from writing; a protection circuit independent of said host computer for preventing the execution of memory write requests from said host computer involving at least one of said protected memory locations; and a switch for disabling said protection circuit.
1. A method of protecting selected locations in a computer mass memory from overwriting by a host computer, said host computer adapted to send write requests specifying memory locations to said memory, said method comprising:
designating in a location not write-accessible by said host computer selected memory locations of said computer mass memory to be protected; comparing in a circuit independent of said host computer write requests from said host computer with the designation of the memory locations to be protected, and blocking such write requests for which a match is found in the comparison; and refraining from said blocking in response to a prompt external of said host computer, so as to permit manually controlled access to said protected memory locations.
2. The method of
(a) dividing said memory into sectors and protecting a predetermined portion of each sector from being written to except during said refraining; (b) setting said predetermined portion of each memory location to be protected to a flag value during said refraining.
3. The method of
storing a list of all memory locations to be protected either (a) some of said protected memory locations in said memory or (b) another storage device not freely accessible by said host computer, and downloading said list for access by said circuit.
4. The method of
5. The method of
7. The method of
8. The method of
9. The method of
10. The method of
12. The computer of
13. The computer memory system of
14. The computer memory system of
15. The computer memory system of
16. The computer memory system of
17. The computer memory system of
18. The computer memory system of
19. The computer system of
20. The computer system of
21. The computer system of
22. The computer system of
23. The computer memory system of
|
1. Technical Field
The invention is related to the protection of computer mass memories such as magnetic hard disk drives, optical disk drives and the like, and in particular to apparatus for protecting key sectors of such memories from accidental or unauthorized overwriting.
2. Background Art
A computer is vulnerable to accidental or unauthorized overwriting or erasure of portions of its mass memory containing key programs such as the operating system, for example, or containing important archival storage such as accounting information, for example. Unauthorized overwriting can occur when a computer virus somehow enters the computer in the form of a clever program that gets stored in the mass memory and which contains instructions causing the computer to overwrite such key portions of its mass memory. If, for example, a portion of the mass memory containing the operating system is overwritten because of such a virus, the computer does not function the next time it is powered up. If portions of the mass memory containing application programs are overwritten, such programs will not run properly. Accidental or unauthorized overwriting of the mass memory can also occur by accidental formatting of the hard drive or by erasing sector zero of the mass memory including the file allocation table.
An object of the present invention is to provide a computer which is impervious to unauthorized (intentional) or accidental overwriting of key sectors of its mass memory. A related object of the invention is that the computer be impervious to such unauthorized or accidental overwriting of key mass memory sectors even in the presence of an active computer virus in the mass memory.
The invention is embodied in a computer including a mass memory and a memory protector responsive to a list of key mass memory locations containing information to be protected, the memory protector including (a) a write protection circuit--operating independently of the computer--which prevents any write requests specifying the mass memory locations contained in the list from being carried out, and (b) a user-controlled protect enable switch for enabling and temporarily disabling the write protection circuit, thus allowing special or temporary access to the protected mass memory locations. The write protection circuit may be implemented as a programmed microprocessor with its program stored in a non-volatile read-only memory, or as a dedicated hard-wired logic circuit, such as a field programmable gate array. The list of key mass memory locations may be stored in a non-volatile memory accessed by the write protection circuit. More conveniently, the list is contained in a protected mass memory location (i.e., a mass memory location specified on the list itself), the list being downloaded to the write protection circuit as required. For example, it may be downloaded at system power-up, or each time the user-controlled protect enable switch is moved to its enable position or each time the media is changed (for example, if the mass memory is a removable media disk drive).
However, in the preferred embodiment, no list of protected mass memory locations is required. Instead, each protected mass memory location (e.g., a particular sector on a disk drive) has a particular bit (hereinafter referred to as a "sector bit") which is always protected by the protection circuit. The protection circuit always senses the value of the protected sector bit before permitting any writing to that sector. If the sector bit is of a certain "flag" value (e.g., binary 1 ), then the protection circuit 160 prevents any writing to that sector. Otherwise, if the sector bit is not set to the "flag" value (e.g., if the sector bit is binary 0), then the protection circuit permits that sector to be written to. The sector bit may only be changed if the protection circuit has been disabled by the user exercising the switch. An advantage of this embodiment is that a complete list of addresses of protected mass memory locations need not be maintained and periodically accessed or downloaded for the protection circuit.
The designation or list of protected mass memory locations may be modified only by first toggling the protect enable switch. In the embodiments in which a list of all protected mass memory locations is stored in a known protected memory location (either on a PROM chip or on the mass memory itself), toggling of the switch at least temporarily disables the protect circuit to allow writing to the mass memory location (or PROM location) containing the list. Since the protect enable switch is controlled by an external entity (either the user or a remote controller, device or computer), it is not susceptible to tampering by a computer virus which has entered the mass memory of the host computer. Since the write protection circuit is independent of the host computer, it does not respond to and is not changed by instructions stored in the computer's mass memory, and therefore is not susceptible to tampering by a computer virus stored in the mass memory.
In a first embodiment, the write protection circuit and the manual protect enable switch are part of the mass memory (e.g., the hard drive) itself. In a second embodiment, the write protection circuit and the manual protect enable switch are at a remote location such as an interface card normally installed between the computer and the mass memory or in a separate card in-line with the interface card. In the second embodiment, the write protection circuit responds to a request to write to a protected mass memory location by causing an illegal command to be sent to the mass memory, causing the mass memory to abort the write operation and issue an error signal back to the computer. In either the first or second embodiment, the list can be stored either in a non-volatile memory accessed by the write protection circuit or in a protected location of the computer's mass memory, as stated above. The first embodiment is suited for using a protected sector bit in each sector to label the sector as "protected" or "unprotected".
If the list of protected mass memory locations is stored in a non-volatile memory accessed by the write protection circuit, the non-volatile memory optionally may be programmable through the host computer for the sake of convenience. However, in this case overwriting of the non-volatile memory containing the list of protected mass memory locations is preferably prevented whenever the protect enable manual switch is in its enable position. In this way the non-volatile memory enjoys the same status as the protected sectors of the host computer's mass memory. In another embodiment, the non-volatile memory storing the list of protected mass memory locations is not accessible to the host computer.
There are several advantages to storing the list of protected mass memory locations in the mass memory itself or always protecting a sector bit in each sector designating that sector as protected or unprotected. One is that minimal reconfiguration of existing mass memory systems is required to carry out the invention. Another is that memories with removable media can have different patterns of protected memory locations for different removable disks up to any number of removable disks for a given disk drive.
Another feature of the invention is a time-out feature in which the disable mode of the manual protect enable switch is effective for a limited time only, so that inadvertent or intentional tampering with the switch is not possible. Such a feature is built into the write protection circuit or the program it carries out.
FIG. 1 is a schematic block diagram of a first embodiment of the invention having a write protection processor resident in the mass memory itself.
FIG. 2 is a schematic block diagram of a second embodiment of the invention having a write protection processor resident in interface between the host computer and the mass memory.
FIG. 3 is a flow diagram illustrating how the invention operates in its protected mode.
FIG. 4 is a diagram illustrating how the protected mode of FIG. 3 is carried out in the embodiment of FIG. 2 employing an IDE bus protocol in response to an attempt to overwrite a protected mass memory sector.
FIG. 5 is a diagram illustrating how the protected mode of FIG. 3 is carried out in the embodiment of FIG. 2 employing an IDE bus protocol in response to an attempt to overwrite an un-protected mass memory sector.
FIG. 6 is a flow diagram illustrating how the invention operates in its unprotected mode.
FIG. 7 is a diagram illustrating how the unprotected mode of FIG. 6 is carried out in the embodiment of FIG. 2
FIG. 8 is a schematic block diagram illustrating another alternative embodiment of the invention.
FIG. 9 is a schematic block diagram illustrating yet another alternative embodiment of the invention.
Referring to FIG. 1, a computer system such as a personal computer or a work station, for example includes a host computer 100 having a microprocessor and motherboard, a drive interface or controller card 110 connected to the host computer 100 by a bus 115 and a mass memory 120, such as a magnetic hard drive, connected to the controller card 115 by a bus 125. The mass memory 120 may be any type such as a magnetic hard disk drive, a read/write compact disk (CD) drive, a magneto-optical drive, a removable disk drive or an optical disk drive. The interface protocol carried out between the host computer 100, the controller card 110 and the mass memory 120 may be any industry standard interface protocol such as IDE, SCSI, SSA or future interface protocols such as IEEE 1394, for example.
The mass memory 120 includes a internal drive control circuitry 130 and the storage media 140 controlled by the internal drive control circuitry. If the mass memory 120 is a magnetic or optical disk drive then the storage media 140 is a stack of magnetic or optical disks, respectively. Certain software key to the operation of the host computer 100 (such as the operating system) or certain irreplaceable data (such as accounting data, for example) is stored in known sectors or mass memory locations in the mass memory 120. In order to prevent inadvertent erasure of such mass memory locations or intentional sabotage of them (as by a computer virus), a first embodiment of the invention provides a write protection circuit 160 in the form of either a microprocessor including a programmed read-only memory or a dedicated hard-wired logic circuit such as a programmable gate array. The circuit 160 is programmed (if a microprocessor) or configured (if a gate array) to carry out a write protection function by preventing any attempts to write or change data already stored in mass memory locations specified in a list as "protected" mass memory locations. The list may be stored in protection firmware and hardware 170 accessed by the write protection circuit 160 or it may be stored in one of the mass memory locations specified on the list itself. If the write protection circuit 160 is a microprocessor, then the protection firmware and hardware 170 may store the program which the circuit 160 carries out in performing the write protection function described here. The generation of such a program is carried out by the skilled worker in this field as a trivial exercise in view of the disclosure of this specification.
Basically, the write protection function carried out by the write protection circuit or microprocessor 160 is to compare the mass memory address specified in each write request received from the host computer 100 with the list of protected mass memory locations. If it finds a match, the processor 160 causes the write operation to be aborted and an error signal to be sent from the mass memory 120 back through the interface card 110 to the host computer 100. Otherwise, the processor 160 does not interfere with the write operation. In the case of a legal write request (i.e., a write request not specifying a protected mass memory location), the protection firmware and hardware 170 passes along the write request from the host computer 100 to the internal drive control circuitry 130. The write protection circuit 160 does not interfere with read requests from the host computer 100 so that the write protection circuit 160 and its associated firmware and hardware 170 are transparent to mass memory read operations.
In order to permit the host computer user to update or modify key contents of the mass memory 120, for example to upgrade the operating system or to modify archival data, a write protect enable switch 180 controlling the write protect circuit 160 is provided which, when exercised, temporarily disables the write protection function of the write protection circuit 160 to permit temporary writing to the protected mass memory locations specified in the list. For example, the write protect circuit 160 can have a one-bit control input. The write protect circuit may either respond to any change in the binary value (either from 1 to 0 or from 0 to 1) to disable itself, preferably for a temporary predetermined time period, or, less preferably, disables itself for as long as the binary value is of a certain value (e.g., 1). Alternatively, the switch 180 itself could have a time-out feature built into it so that, upon being exercised or toggled, it changes the binary value to the disable state (e.g., 1) for a temporary time period and then automatically returns the binary value to enable state (e.g., 0). Preferably, the switch 180 is a manual button and must be manually exercised by the user so that no computer virus can circumvent the write protect enable button 180. However, the switch 180 may be electronically activated. In this case, any external device can control the switch 180 through an electronic, electrical or optical link. For example, the switch 180 may be controlled via a communication link (either optical link or a telephone line/modem, for example) by a remote master computer in a network of computers. Or, the switch 180 may be controlled by any other remote device such as a personal communication device. The most simple remote electronic control of the switch could be achieved by employing a hand-held infrared transmitter, the switch 180 including an infrared receiver in this case. Preferably, the protection firmware and hardware 170 (rather than the switch 180) includes a time-out feature which limits the time window during which the write protection function of the write protection circuit 160 is disabled after the button 180 has been exercised. As a further option, a secure user ID code may be required to be entered into the host computer keyboard (for example) before the button 180 can disable the write protection function.
As another convenient option, whenever the button 180 is exercised by the user, the host computer 100 is allowed to write not only to the protected locations in the mass memory 120 but also to memory locations in the protection firmware and hardware 170. Such memory locations in the protection firmware and hardware 170 may store the list of protected locations in the mass memory 120, in one embodiment. Thus, under access controlled by the manual button 180, the user can conveniently alter the list of protected mass memory locations and/or alter the data stored in those locations.
In some cases, it may be possible to implement the functions of FIG. 1 using existing components in the disk drive, thereby requiring few or no hardware changes to the disk drive in carrying out the invention.
In the preferred embodiment, no list of protected mass memory locations is required. Instead, each protected mass memory location (e.g., a particular sector on the mass memory or disk drive 120) has a particular bit (hereinafter referred to as a "sector bit") which is always protected by the protection circuit 160. The protection circuit 160 always senses the value of the protected sector bit before permitting any writing to that sector. If the sector bit is of a certain "flag" value (e.g., binary 1), then the protection circuit 160 prevents any writing to that sector. Otherwise, if the sector bit is not set to the "flag" value (e.g., if the sector bit is binary 0), then the protection circuit 160 permits that sector to be written to by the host computer 100. The sector bit may only be changed if the protection circuit 160 has been disabled by the user exercising the switch 180. An advantage of this embodiment is that a complete list of addresses of protected mass memory locations need not be maintained and periodically accessed or downloaded for the protection circuit 160. The only requirement is that the protection circuit 160 be programmed to do two things: (a) prevent writing to the location of the sector bit of each sector (except when the switch 180 disables the protection circuit 160), and (b) prevent writing to any portion of the entire sector if its sector bit is set to the "flag" or "protect" value (except when the switch 180 disables the protection circuit 160).
FIG. 2 illustrates another embodiment of the invention in which the write protection circuit 160, the write protection firmware and hardware 170 and the protect enable button 180 are located remotely from the mass memory 120 but in-line in the data flow between the host computer 100 and the mass memory 120. In the example of FIG. 2, the write protection circuit 160, the write protection firmware and hardware 170 and the protect enable button 180 are all located on the interface card 110 although they may be located separately from the interface card 110. One advantage of locating them on the interface card is that in some cases the write protection circuit 160 may be implemented using circuits or hardware already present on the interface card 110.
In accordance with a preferred feature of the embodiment of FIG. 2, in order to abort a request from the host computer 100 to write in a protected mass memory location, the protection firmware and hardware 170 in the embodiment of FIG. 2 preferably transmits to the internal drive control circuitry 130 of the mass memory 120 an illegal command (in lieu of the write request from the host computer 100). Such an illegal command causes the internal drive control circuitry 130 to abort the write process and return an error message. In the case of a legal write request (i.e., a write request not specifying a protected mass memory location), the protection firmware and hardware 170 passes along the write request from the host computer 100 to the internal drive control circuitry 130. The advantage of this feature is that it requires no modification of the disk drive 120 itself in carrying out the invention. The write protection circuit 160 does not interfere with read requests from the host computer 100 so that the write protection circuit 160 and its associated firmware and hardware 170 are transparent to mass memory read operations.
Referring to FIG. 3, when the write protection circuit 160 is not disabled by the button 180, the central processing unit (CPU) of the host computer 100 manages computer resources (block 310 of FIG. 3), sending requests for data 315 to read data from the mass memory 120 (block 320 of FIG. 3) and receives data 325 back from the mass memory 120. In the meantime the CPU processes requests from other sources (330). If a write request 340 is issued by the CPU, then the write protection circuit 160 determines whether it involves protected mass memory locations (block 350 of FIG. 3). If so (YES branch of block 350), then the write protection circuit 160 causes an error message 360 to be returned to the host computer 100. Otherwise (NO branch of block 350), the data is written to the hard drive (at 380 of FIG. 3).
FIG. 4 illustrates the sequence of signals transmitted between the host computer 100 and the mass memory 120 of FIG. 2 where an IDE interface protocol is employed to carry out the process of FIG. 3. FIG. 4 illustrates the case in which a write request is received specifying a protected mass memory location using the standard IDE protocol signals. The process illustrated in FIG. 4 is as follows:
The host computer 100 writes setup information (sector address, etc.) to the mass memory or disk drive 120. The protection circuit 160 monitors this setup information to determine if the sector address is currently protected.
The disk drive 120 indicates that it is ready for a command by setting the drive ready bit (DRDY) in the status register.
The host computer 100 sends the write sector command. If the sector address is monitored above indicates a protected sector, this command is intercepted by the protection circuitry and a dummy command (i.e. unused illegal command) is sent to the disk drive unit 120. This illegal command will cause the disk drive 120 to abort the process and issue an error.
The drive clears BSY and drives the interrupt request bus signal line (INTRQ) active to indicate that the host should read the status register.
The host reads the error bit in the status register.
If the disk drive 120 detects an error condition (e.g. illegal command from the host) it will abort the process, set the error bit in the status register and assert INTRQ to let the host computer 120 know that it should read the status register. The drive also places an error code in the error register to indicate what type of error was encountered.
FIG. 5 illustrates the sequence of signals transmitted between the host computer 100 and the mass memory 120 of FIG. 2 where an IDE interface protocol is employed to carry out the process of FIG. 3. FIG. 5 illustrates the case in which a write request is received specifying an unprotected mass memory location using the standard IDE protocol signals. The process illustrated in FIG. 5 is as follows:
The host computer 100 writes setup information (sector address, etc.) to the drive. The protection circuit 160 monitors this setup information to determine if the sector address is currently protected.
The disk drive 120 indicates that it is ready for a command by setting the drive ready bit (DRDY) in the status register.
The host computer 100 sends the write sector command. If the sector address as monitored above does not indicate a protected sector, this command is intercepted by the protection circuit 160 but is passed along intact to the internal control circuit 130 of the disk drive 120 so that the write sequence continues normally.
The disk drive 120 sets the data request bit (DRQ) in the status register.
The host computer 120 sends the data to be written to the drive a byte at a time and the drive stores this data in the sector buffer.
The disk drive 120 resets DRQ and sets the busy bit (BSY) in the status register.
The disk drive 120 writes the data in the sector buffer to the media.
The disk drive 120 clears BSY and drives the interrupt request bus signal line (INTRQ) active to indicate that the host computer 100 should read the status register.
The host computer 100 reads the status register.
The disk drive 120 de-asserts INTRQ.
Referring to FIG. 6, when the write protection circuit 160 has been temporarily disabled by the button 180, the central processing unit (CPU) of the host computer 100 manages computer resources (block 610 of FIG. 3), sending requests for data 615 to read data from the mass memory 120 (block 620 of FIG. 3) and receives data 625 back from the mass memory 120. In the meantime the CPU processes requests from other sources (630). If a write request 640 is issued by the CPU, the write protection circuit 160 senses that it has been placed in a quiescent state by the button 180 (block 675 of FIG. 6) and the data is written to the hard drive (at 680 of FIG. 3).
FIG. 7 illustrates the sequence of signals transmitted between the host computer 100 and the mass memory 120 of FIG. 2 where an IDE interface protocol is employed to carry out the process of FIG. 6 using the standard IDE protocol signals. The process illustrated in FIG. 5 is as follows:
The host computer 100 writes setup information (sector address, etc.) to the drive. The protection circuit 160 does not monitor this setup information since the button 180 has been exercised to disable the protection circuit 160.
The disk drive 120 indicates that it is ready for a command by setting the drive ready bit (DRDY) in the status register.
The host computer 100 sends the write sector command. This command is not intercepted by the protection circuit 160 because the button 180 has been exercised to disable the protection circuit 160 so that the command is send directly to the internal control circuit 130 of the disk drive 120 and the write sequence continues normally.
The disk drive 120 sets the data request bit (DRQ) in the status register.
The host computer 120 sends the data to be written to the drive a byte at a time and the drive stores this data in the sector buffer.
The disk drive 120 resets DRQ and sets the busy bit (BSY) in the status register.
The disk drive 120 writes the data in the sector buffer to the media.
The disk drive 120 clears BSY and drives the interrupt request bus signal line (INTRQ) active to indicate that the host computer 100 should read the status register.
The host computer 100 reads the status register.
The invention may further include in the host computer 100 a software interface 900 which permits the user to specify the names of files in the mass memory which are to be protected. The software interface would then search the mass memory directory to automatically determine all of the mass memory locations where a particular file or portions thereof are stored. The software interface would then transmit the addresses of the corresponding mass memory locations to the memory locations at which the list of protected memory locations is stored. Since these memory locations cannot be altered without authorization through the button 160, the software interface would further include a feature which holds the mass memory addresses determined from the user's designated file names until such time as the button 160 is activated to authorize access to those protected mass memory locations storing the list of all protected mass memory locations. The advantage of the software interface 900 is that the user is not required to know the locations in mass memory at which a particular file is stored. Thus, for example, if the user wishes to protect the operating system on the host computer 100, he merely invokes the software interface 900 and enters the file names of the operating system to the software interface 900. The software interface 900 can prompt the user to exercise the protect enable button 180 to permit the software interface 900 to add the corresponding mass memory locations to the list of protected locations. The software interface can further prompt the user to first run a computer-virus detection software package on the host computer 100 before exercising the button 180. Finally, the software interface 900 preferably includes a function which prevents altering the list of protected mass memory locations (or altering the sector bits in the preferred embodiment) unless the user has entered a predetermined security code. In one implementation, the security code itself can be stored in a protected mass memory location and the software interface 900 compares the code entered by the user with the security code (or codes) stored in the protected memory location set aside for storing such codes. Unless a match is found in this comparison, the software interface 900 prevents any change to the list of protected mass memory locations or, in the preferred embodiment, prevents altering of the sector bits.
Referring to the alternative embodiment of FIG. 8, the write protection circuit 160, the protection firmware and hardware 170 and the button 180 may be installed on a separate card in-line between the host computer 100 and the interface controller 110. Referring to the alternative embodiment of FIG. 9, the write protection circuit 160, the protection firmware and hardware 170 and the button 180 may be installed on a separate card in-line between the interface controller 110 and the mass memory or disk drive 120.
While the invention has been described in detail by specific reference to particular apparatus not accessible to a virus that may have entered the host computer for performing the write protect function including a manual button for temporarily disabling the write protect function, the invention is more generally a method implemented in any suitable apparatus of storing a list of mass memory locations to be protected in a protected storage and preventing any overwriting of those locations except for temporary periods of time when manually prompted by the user. The prevention of such overwriting is carried out in a processor independent of the host computer, so that no virus in the host computer can interfere with the write protection function.
While the invention has been described in detail by specific reference to preferred embodiments, it is understood that variations and modifications thereof may be made without departing from the true spirit and scope of the invention.
Patent | Priority | Assignee | Title |
10037206, | Sep 29 2010 | LENOVO BEIJING LIMITED; Beijing Lenovo Software Ltd | Methods and systems for state switching |
10055415, | Aug 09 2007 | SMARTDEPLOY, LLC | Methods and systems for deploying hardware files to a computer |
10331884, | Oct 10 2016 | Method and system for countering ransomware | |
10339328, | Jul 15 2014 | CRU ACQUISITION GROUP, LLC DBA CRU-DATAPORT LLC | Securing stored computer files from modification |
10936742, | Jul 15 2014 | CRU Data Security Group, LLC | Systems and methods for securing stored computer files from modification |
11444919, | May 20 2019 | Woodward, Inc. | Mission critical security zone |
11475152, | Jul 15 2014 | CRU Data Security Group, LLC | Systems and methods for securing stored computer files from modification with control circuit |
6615330, | Dec 27 2001 | Oracle America, Inc | Virtual worm method and system |
6751716, | Apr 21 2000 | DIGITAL CACHE, LLC | Semiconductor storage device, control device, and electronic apparatus |
6813682, | Sep 29 2000 | MYKEY TECHNOLOGY INC | Write protection for computer long-term memory devices |
6829672, | Nov 14 1999 | NETAC TECHNOLOGY CO , LTD | Electronic flash memory external storage method and device |
6879454, | Jul 11 2003 | International Business Machines Corporation | Write-once read-many hard disk drive |
6904495, | Jan 10 2002 | HEWLETT-PACKARD DEVELOPMENT COMPANY, L P | Method for identifying the write protect status of a diskette |
6928555, | Sep 18 2000 | JPMORGAN CHASE BANK, N A ; MORGAN STANLEY SENIOR FUNDING, INC | Method and apparatus for minimizing file scanning by anti-virus programs |
6970954, | Mar 27 2003 | LOGICUBE, INC | System and method for intercepting and evaluating commands to determine if commands are harmful or benign and to emulate harmful commands |
7006318, | Aug 29 2002 | SHENZHEN XINGUODU TECHNOLOGY CO , LTD | Removable media storage system with memory for storing operational data |
7024522, | May 24 2004 | GOOGLE LLC | Worm guarantee storage device employing block write inhibition information |
7043602, | Mar 30 2004 | Hitachi, LTD | Diskarray system |
7073083, | Jul 18 2001 | Thomson Licensing | Method and system for providing emergency shutdown of a malfunctioning device |
7096378, | Aug 29 2002 | SHENZHEN XINGUODU TECHNOLOGY CO , LTD | Data storage system having a non-volatile IC based memory for storing user data |
7117012, | Jun 25 1999 | GIESECKE+DEVRIENT MOBILE SECURITY GMBH | Method for operating a portable data carrier configured for executing reloadable functional programs |
7124290, | Jul 03 2001 | HEWLETT-PACKARD DEVELOPMENT COMPANY L P | Method and system for selectively booting one of a plurality of operating systems contained on a mass storage device |
7170706, | Aug 29 2002 | Everspin Technologies, Inc | Hard disk system with non-volatile IC based memory for storing data |
7210014, | May 27 2004 | Microsoft Technology Licensing, LLC | Alternative methods in memory protection |
7275128, | Sep 26 2003 | Atmel Corporation | Selectable block protection for non-volatile memory |
7277433, | Aug 07 2003 | Cisco Systems, Inc; Cisco Technology, Inc | Switch for implementing read only zones in a fibre channel fabric |
7343627, | Apr 29 2002 | Sharp Kabushiki Kaisha | Secure document-data-handling system and methodology |
7353399, | Jul 31 2002 | Trek 2000 International Ltd | Method and apparatus of storage anti-piracy key encryption (SAKE) device to control data access for networks |
7392398, | Jun 05 2000 | ATI Technologies ULC | Method and apparatus for protection of computer assets from unauthorized access |
7444487, | Mar 18 2003 | Renesas Electronics Corporation | Arrangements having security protection |
7456895, | Mar 25 2003 | Canon Kabushiki Kaisha | Relay unit |
7523281, | Sep 06 2006 | Authenticating hardware for manually enabling and disabling read and write protection to parts of a storage disk or disks for users | |
7523320, | Apr 22 2003 | Seiko Epson Corporation | Fiscal data recorder with protection circuit and tamper-proof seal |
7549161, | Jun 28 2001 | S-COM SYSTEM S PTE LTD | Portable device having biometrics-based authentication capabilities |
7558931, | Sep 29 2004 | Western Digital Technologies, INC | Write/read apparatus to control overwriting |
7631121, | May 13 2002 | Trek 2000 International Ltd. | System and apparatus for compressing and decompressing data stored to a portable data storage device |
7650470, | Jun 28 2001 | Trek 2000 International, Ltd. | Method and devices for data transfer |
7664925, | Mar 18 2003 | Renesas Electronics Corporation | Arrangements having security protection |
7730253, | Nov 27 2006 | Malikie Innovations Limited | System and method for controlling access to a memory device of an electronic device |
7788447, | Nov 14 1999 | Netac Technology Co., Ltd. | Electronic flash memory external storage method and device |
7843916, | Aug 07 2003 | Cisco Technology, Inc. | Implementing read-only zones in a switching fabric |
7913097, | Apr 22 2003 | Seiko Epson Corporation | Fiscal data recorder programmed to write only non-blank values to memory |
7917718, | Mar 18 2003 | Renesas Electronics Corporation | Arrangements having security protection |
8010762, | Nov 27 2006 | Malikie Innovations Limited | System and method for controlling access to a memory device of an electronic device |
8082585, | Sep 13 2010 | Raymond R., Givonetti | Protecting computers from malware using a hardware solution that is not alterable by any software |
8090904, | Feb 01 2008 | CRU Acquisition Group, LLC | Reduced hard-drive-capacity detection device |
8140795, | Feb 28 2005 | LENOVO SWITZERLAND INTERNATIONAL GMBH | Hard disk drive with write-only region |
8209462, | Feb 21 2000 | Trek 2000 International Ltd. | Portable data storage device |
8239959, | May 09 2007 | International Business Machines Corporation | Method and data processing system to prevent manipulation of computer systems |
8275969, | Aug 04 2004 | Sandisk IL Ltd | Storage with persistent user data |
8423591, | Jan 31 2008 | SMARTDEPLOY, LLC | Method and system for modularizing windows imaging format |
8429416, | Jul 31 2002 | Trek 2000 International Ltd. | Method and apparatus of storage anti-piracy key encryption (SAKE) device to control data access for networks |
8443451, | Mar 27 2008 | Manually controlled application security environments | |
8456187, | Apr 21 2011 | International Business Machines Corporation | Implementing temporary disable function of protected circuitry by modulating threshold voltage of timing sensitive circuit |
8474021, | Jun 29 2001 | Secure Systems Limited | Security system and method for computers |
8492207, | Apr 21 2011 | International Business Machines Corporation | Implementing eFuse circuit with enhanced eFuse blow operation |
8525245, | Apr 21 2011 | GLOBALFOUNDRIES U S INC | eDRAM having dynamic retention and performance tradeoff |
8671166, | Aug 09 2007 | SMARTDEPLOY, LLC | Methods and systems for deploying hardware files to a computer |
8816470, | Apr 21 2011 | GLOBALFOUNDRIES Inc | Independently voltage controlled volume of silicon on a silicon on insulator chip |
8826435, | May 28 2009 | TREND MICRO INCORPORATED | Apparatus and methods for protecting removable storage devices from malware infection |
8930936, | Nov 06 2012 | International Business Machines Corporation | Loading remote binaries onto a write-protected device |
9043779, | Nov 06 2012 | International Business Machines Corporation | Loading remote binaries onto a write-protected device |
9372988, | Dec 22 2011 | Intel Corporation | User controllable platform-level trigger to set policy for protecting platform from malware |
9547485, | Mar 31 2006 | SMARTDEPLOY, LLC | System and method for deploying a virtual machine |
9916454, | Dec 22 2011 | Intel Corporation | User controllable platform-level trigger to set policy for protecting platform from malware |
RE42397, | Apr 05 1999 | Sandisk IL Ltd. | Architecture for a universal serial bus-based PC flash disk |
RE42443, | Apr 05 1999 | Sandisk IL Ltd. | Architecture for a universal serial bus-based PC flash disk |
RE44641, | Apr 05 1999 | Sandisk IL, Ltd | USB flash memory device with integrated USB controller |
RE44653, | Apr 05 1999 | Sandisk IL, Ltd | USB flash memory device with integral memory technology driver |
Patent | Priority | Assignee | Title |
4388695, | Feb 21 1980 | ASCOM USA INC ; ASCOM ENTERPRISE NETWORKS, INC ; ASCOM TIMEPLEX, INC | Hardware memory write lock circuit |
4701846, | Jan 19 1985 | Panafacom Limited | Computer system capable of interruption using special protection code for write interruption region of memory device |
5022077, | Aug 25 1989 | LENOVO SINGAPORE PTE LTD | Apparatus and method for preventing unauthorized access to BIOS in a personal computer system |
5027317, | Mar 17 1989 | ALLEN-BRADLEY COMPANY, INC , A CORP OF WI | Method and circuit for limiting access to a RAM program memory |
5067077, | Sep 22 1983 | Fujitsu Limited | Single chip microcomputer having unauthorized memory space access protection |
5155829, | Jan 21 1986 | Sheyu Group, LLC | Memory system and method for protecting the contents of a ROM type memory |
5421006, | May 07 1992 | HEWLETT-PACKARD DEVELOPMENT COMPANY, L P | Method and apparatus for assessing integrity of computer system software |
5564036, | Aug 23 1985 | Canon Kabushiki Kaisha | Memory protective circuit |
5586301, | Nov 09 1994 | MNAP TECHNOLOGIES INTERNATIONAL, INC | Personal computer hard disk protection system |
5657475, | May 25 1994 | Intel Corporation | System for protecting memory accesses by comparing the upper and lower bounds addresses and attribute bits identifying unauthorized combinations of type of operation and mode of access |
5802591, | Oct 31 1994 | Ricoh Company, LTD | Method and system for preventing unauthorized access to information stored in a computer |
Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
Jul 25 2009 | CORIO, MARK | WAMBACH, MARK L | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 023003 | /0818 | |
Jul 30 2009 | WAMBACH, MARK L | MAISETTEM B V , LLC | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 023148 | /0176 | |
Jul 30 2009 | WAMBACH, MARK L | MAISETTEM B V , LLC | CORRECTIVE ASSIGNMENT TO CORRECT THE INTERNAL ADDRESS OF THE RECEIVING PARTY SUTIE 400 SHOULD BE SUITE 400 PREVIOUSLY RECORDED ON REEL 023148 FRAME 0176 ASSIGNOR S HEREBY CONFIRMS THE SUITE 400 | 023208 | /0107 | |
Aug 26 2015 | MAISETTEM B V , LLC | CALLAHAN CELLULAR L L C | MERGER SEE DOCUMENT FOR DETAILS | 037530 | /0054 |
Date | Maintenance Fee Events |
Jan 13 2005 | M2551: Payment of Maintenance Fee, 4th Yr, Small Entity. |
May 29 2009 | M2552: Payment of Maintenance Fee, 8th Yr, Small Entity. |
Sep 10 2009 | ASPN: Payor Number Assigned. |
Nov 10 2009 | STOL: Pat Hldr no Longer Claims Small Ent Stat |
Jan 28 2011 | ASPN: Payor Number Assigned. |
Jan 28 2011 | RMPN: Payer Number De-assigned. |
Mar 18 2013 | M1553: Payment of Maintenance Fee, 12th Year, Large Entity. |
Date | Maintenance Schedule |
Dec 11 2004 | 4 years fee payment window open |
Jun 11 2005 | 6 months grace period start (w surcharge) |
Dec 11 2005 | patent expiry (for year 4) |
Dec 11 2007 | 2 years to revive unintentionally abandoned end. (for year 4) |
Dec 11 2008 | 8 years fee payment window open |
Jun 11 2009 | 6 months grace period start (w surcharge) |
Dec 11 2009 | patent expiry (for year 8) |
Dec 11 2011 | 2 years to revive unintentionally abandoned end. (for year 8) |
Dec 11 2012 | 12 years fee payment window open |
Jun 11 2013 | 6 months grace period start (w surcharge) |
Dec 11 2013 | patent expiry (for year 12) |
Dec 11 2015 | 2 years to revive unintentionally abandoned end. (for year 12) |